Hotlink protection and empty referers

As a general trend, we see more and more hits which http headers contain no or an empty REFERER (up to 50%). Obviously, some browsers or third party software (anti spyware ? anti ads ?) are blocking them, even when navigating within the same site.

That's true, norton and mcafee personal firewall remove REFERER header, and you have to allow direct access in hotlink protection in order not to block users using those kind of software, on the other hand, it will defeat the purpose of hotlink protection to some extent.

There is no good solution for REFERER based hotlink checking algorithm I could think of. A possible but not perfect solution is to check whether a HTML page has been requested from that IP address in the past few seconds (assuming images and HTML pages are on the same server).